How do I set allow_url_include to On?
The allow_url_include directive is disabled on all Hawk Host servers and cannot be overridden through PHP Selector. This setting is disabled by default in PHP, and as of PHP 7.4 it is deprecated.
Why is it disabled?
Section titled “Why is it disabled?”When enabled, allow_url_include makes include, include_once, require, and require_once URL-aware, which has major security implications. It allows remote code to be executed as PHP, making your site vulnerable to code injection attacks. This capability is also frequently exploited in malicious files.
Safe alternatives
Section titled “Safe alternatives”Including files from your own site:
Instead of:
<?php include("http://mywebsite.com/includes/header.php"); ?>Use a local path:
<?php include("includes/header.php"); ?>This is both safer and faster than fetching the file over HTTP.
Fetching external content:
Instead of:
<?php include("http://www.otherwebsite.com/scores.txt"); ?>Use file_get_contents:
<?php echo file_get_contents("http://www.otherwebsite.com/scores.txt"); ?>This will not execute remote PHP code, making it safer for your site. Keep in mind that displaying content from external sites may still contain malicious HTML or JavaScript.